Narus is a company now owned by Boeing which produces mass surveillance systems. It was founded in 1997 by Ori Cohen, who had been in charge of technology development for VDONet, an early media streaming pioneer.
It is notable for being the creator of NarusInsight, a supercomputer system used by the NSA and others to perform mass surveillance and monitoring of citizens' and corporations' Internet communications in real-time. The Narus STA 6400 installed in Room 641A at AT&T's San Francisco Internet backbone, as revealed by Mark Klien, helped give rise to a 2006 class action lawsuit by the Electronic Frontier Foundation against AT&T, Hepting v. AT&T.
Management and investors
According to Narus's own website listing of the Board of Directors, Dr. Cohen is no longer the Chairman of the Board.
Prior to 9/11 Narus worked on building carrier-grade tools to analyze IP network traffic for billing purposes, to prevent what they term "revenue leakage". Post-9/11 they have continued down that path while adding more semantic monitoring abilities for surveillance purposes.
In 2004, Narus engaged the former Deputy Director of the NSA, William Crowell as a director: Narus Appoints Former Deputy Director of the National Security Agency To Its Board of Directors
"Crowell is an independent security consultant and holds several board positions with a variety of technology and technology-based security companies. Since 9/11, Crowell has served on the DARPA Task Force on Terrorism and Deterrence, the National Research Council Committee on Science and Technology for Countering Terrorism and the Markle Foundation Task Force on National Security in the Information Age."
Narus has venture capital funding from companies including JP Morgan Partners, Mayfield Fund, NeoCarta, Presidio Venture Partners, Walden International, Intel, NTT Software and Sumisho Electronics.
Narus has several business partners who provide various technologies similar to the features of NarusInsight, some funded by In-Q-Tel.
System specification and capabilities
Some features of NarusInsight include:
- Scalability to support surveillance of large, complex IP networks ie the Internet
- High-speed packet processing performance, which enables it to sift through the vast quantities of information that travel over the Internet.
- Normalization, Correlation, Aggregation and Analysis provide a model of user, element, protocol, application and network behaviors, in real-time. That is it can track individual users, monitor which applications they are using (e.g. web browsers, instant messaging applications, email) and what they are doing with those applications (e.g. which web sites they have visited, what they have written in their emails/IM conversations), and see how users' activities are connected to each other (e.g. compiling lists of people who visit a certain type of web site or use certain words or phrases in their emails).
- High reliability from data collection to data processing and analysis.
- NarusInsight's functionality can be configured to feed a particular activity or IP service such as security, "lawful intercept" or even Skype detection and blocking.
- Compliance with Communications Assistance for Law Enforcement Act (CALEA) and European Telecommunications Standards Institute (ETSI).
- Certified by Telecommunication Engineering Center (TEC) in India for ISP intercept and monitoring systems.
The intercepted data flows into NarusInsight Intercept Suite. This data is stored and analyzed for surveillance and forensic analysis purposes.
Other capabilities include playback of streaming media (i.e. VoIP), rendering of web pages, examination of email and the ability to analyze the payload/attachments of e-mail or file transfer protocols. Narus partner products, such as Pen-Link, offer the ability to quickly analyze information collected by the Directed Analysis or Lawful Intercept modules.
A single NarusInsight machine can monitor traffic equal to the maximum capacity (10 Gbit/s) of around 39,000 DSL lines or 195,000 telephone modems. But, in practical terms, since individual internet connections are not continually filled to capacity, the 10 Gbit/s capacity of one NarusInsight installation enables it to monitor the combined traffic of several million broadband users.
According to a company press release, the latest version of NarusInsight Intercept Suite (NIS) is "the industry's only network traffic intelligence system that supports real-time precision targeting, capturing and reconstruction of webmail traffic... including Google Gmail, MSN Hotmail, Yahoo! Mail, and Gawab|Gawab Mail (English and Arabic versions)."
It can also perform semantic analysis of the same traffic as it is happening, in other words analyze the content, meaning, structure and significance of traffic in real time. The exact use of this data is not fully documented, as the public is not authorized to see what types of activities and ideas are being monitored.